Detections
Analytics
RHEL 6 : kernel (RHSA-2010:0842)
high Nessus Plugin ID 50629
Language:
Synopsis
The remote Red Hat host is missing one or more security updates for kernel.Description
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2010:0842 advisory.- kernel: drm ioctls infoleak (CVE-2010-2803)
- kernel: wireless: fix 64K kernel heap content leak via ioctl (CVE-2010-2955)
- kernel: arbitrary kernel memory write via i915 GEM ioctl (CVE-2010-2962)
- kernel: ftrace NULL ptr deref (CVE-2010-3079)
- kernel: 64-bit Compatibility Mode Stack Pointer Underflow (CVE-2010-3081)
- kernel: niu: buffer overflow for ETHTOOL_GRXCLSRLALL (CVE-2010-3084)
- kernel: IA32 System Call Entry Point Vulnerability (CVE-2010-3301)
- kernel: sctp: do not reset the packet during sctp_packet_config (CVE-2010-3432)
- kernel: pktcdvd ioctl dev_minor missing range check (CVE-2010-3437)
- kernel: prevent heap corruption in snd_ctl_new() (CVE-2010-3442)
- kvm: invalid selector in fs/gs causes kernel panic (CVE-2010-3698)
- kernel: sctp memory corruption in HMAC handling (CVE-2010-3705)
- kernel: RDS sockets local privilege escalation (CVE-2010-3904)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the RHEL kernel package based on the guidance in RHSA-2010:0842.See Also
http://www.nessus.org/u?1f45922c
http://www.nessus.org/u?b8f2ae8a
https://access.redhat.com/security/updates/classification/#important
https://bugzilla.redhat.com/show_bug.cgi?id=621435
https://bugzilla.redhat.com/show_bug.cgi?id=628434
https://bugzilla.redhat.com/show_bug.cgi?id=631623
https://bugzilla.redhat.com/show_bug.cgi?id=632069
https://bugzilla.redhat.com/show_bug.cgi?id=632292
https://bugzilla.redhat.com/show_bug.cgi?id=633864
https://bugzilla.redhat.com/show_bug.cgi?id=633865
https://bugzilla.redhat.com/show_bug.cgi?id=633964
https://bugzilla.redhat.com/show_bug.cgi?id=633966
https://bugzilla.redhat.com/show_bug.cgi?id=634449
https://bugzilla.redhat.com/show_bug.cgi?id=634457
https://bugzilla.redhat.com/show_bug.cgi?id=634973
https://bugzilla.redhat.com/show_bug.cgi?id=634984
https://bugzilla.redhat.com/show_bug.cgi?id=635951
https://bugzilla.redhat.com/show_bug.cgi?id=636116
https://bugzilla.redhat.com/show_bug.cgi?id=637087
https://bugzilla.redhat.com/show_bug.cgi?id=637675
https://bugzilla.redhat.com/show_bug.cgi?id=637688
https://bugzilla.redhat.com/show_bug.cgi?id=638085
https://bugzilla.redhat.com/show_bug.cgi?id=638478
https://bugzilla.redhat.com/show_bug.cgi?id=638973
https://bugzilla.redhat.com/show_bug.cgi?id=639412
https://bugzilla.redhat.com/show_bug.cgi?id=639879
https://bugzilla.redhat.com/show_bug.cgi?id=640036
https://bugzilla.redhat.com/show_bug.cgi?id=641258
https://bugzilla.redhat.com/show_bug.cgi?id=641454
https://bugzilla.redhat.com/show_bug.cgi?id=641455
https://bugzilla.redhat.com/show_bug.cgi?id=641456
https://bugzilla.redhat.com/show_bug.cgi?id=641457
https://bugzilla.redhat.com/show_bug.cgi?id=641458
https://bugzilla.redhat.com/show_bug.cgi?id=641459
https://bugzilla.redhat.com/show_bug.cgi?id=641460
https://bugzilla.redhat.com/show_bug.cgi?id=641483
https://bugzilla.redhat.com/show_bug.cgi?id=641907
https://bugzilla.redhat.com/show_bug.cgi?id=642043
https://bugzilla.redhat.com/show_bug.cgi?id=642045
https://bugzilla.redhat.com/show_bug.cgi?id=642465
https://bugzilla.redhat.com/show_bug.cgi?id=642679
https://bugzilla.redhat.com/show_bug.cgi?id=642680
https://bugzilla.redhat.com/show_bug.cgi?id=642896
https://bugzilla.redhat.com/show_bug.cgi?id=644037
https://bugzilla.redhat.com/show_bug.cgi?id=644038
https://bugzilla.redhat.com/show_bug.cgi?id=644636
https://bugzilla.redhat.com/show_bug.cgi?id=644926
Plugin Details
Severity: High
ID: 50629
File Name: redhat-RHSA-2010-0842.nasl
Version: 1.43
Type: local
Agent: unix
Family: Red Hat Local Security Checks
Published: 11/18/2010
Updated: 4/21/2024
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus
Risk Information
VPR
Risk Factor: Critical
Score: 9.6
Vendor
Vendor Severity: Important
CVSS v2
Risk Factor: High
Base Score: 8.3
Temporal Score: 7.2
Vector: CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2010-3705
CVSS v3
Risk Factor: High
Base Score: 7.8
Temporal Score: 7.5
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C
CVSS Score Source: CVE-2010-3081
Vulnerability Information
CPE: p-cpe:/a:redhat:enterprise_linux:kernel, p-cpe:/a:redhat:enterprise_linux:kernel-headers, p-cpe:/a:redhat:enterprise_linux:kernel-firmware, cpe:/o:redhat:enterprise_linux:6, p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel, p-cpe:/a:redhat:enterprise_linux:kernel-kdump, p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper, p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel, p-cpe:/a:redhat:enterprise_linux:kernel-devel, p-cpe:/a:redhat:enterprise_linux:kernel-debug, p-cpe:/a:redhat:enterprise_linux:perf
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 11/22/2010
Vulnerability Publication Date: 9/8/2010
CISA Known Exploited Vulnerability Due Dates: 6/2/2023
Exploitable With
CANVAS (CANVAS)
Core Impact
Metasploit (Reliable Datagram Sockets (RDS) rds_page_copy_user Privilege Escalation)
Reference Information
CVE: CVE-2010-2803, CVE-2010-2955, CVE-2010-2962, CVE-2010-3079, CVE-2010-3081, CVE-2010-3084, CVE-2010-3301, CVE-2010-3432, CVE-2010-3437, CVE-2010-3442, CVE-2010-3698, CVE-2010-3705, CVE-2010-3904
BID: 42577, 42885, 43098, 43239, 43355, 43480, 43551, 43684, 43701, 43787, 44067, 44219, 44500